Clearpass guest 6.x ldap authentication

05-13-2014 12:27 PM - last edited on 05-13-2014 01:45 PM by SRynearson

Dear Everybody,

I need some help in Clearpass guest receptionist authentication.

We have ClearPass 6.2 with the guest module. In the guest module we customized the guest receptionists page. I created a profile for them and configured a translation rule. In CPPM we created the same role (in Configuration -> Identity -> Roles) and we created a new local user with this role. This works perfectly (when we log in with this user we get the customized receptionist page).

But we would like to authenticate via LDAP and not a local user, and I have some problems with it.

I set the authentication source but I don't know what is next. I guess I have to set up a service but I don't know how.

Can you help me with the next steps to configure the guest receptionist authentication via LDAP?

Re: Clearpass guest 6.x ldap authentication

05-13-2014 01:07 PM

1. Create your Authentication Source (sounds like you have this bit covered). But if not, create this under Configuration -> Authentication -> Sources.

2. Create an Enforcement Profile under Configuration -> Enforcement -> Profiles. This is where you tell Guest which Operator Profile to assign to the authenticated user. Create one of type Generic Application Enforcement, with an Action of Accept, and add an attribute of admin_privileges = "Your Operator Profile". This should have a matching entry in Guest under Administration -> Operator Logins -> Translation Rules. A screenshot is attached as an example.

3. Create an Enforcement Policy under Configuration -> Enforcement -> Policies. This is where you match on some information passed from your Authentication Source to accept or deny access, in its simplest form. Create one of type Application, assign a Default Profile, e.g. [Deny Application Access Profile], and set a rule to match your Authentication Source attributes that will, in turn, set your Enforcement Profile created in step 2. For example, you may set a rule that looks for both Tips:Role EQUALS [User Authenticated] AND Authorization:"Your Authentication Source":memberOf CONTAINS CN=groupname,OU=orgunit,DC=company,DC=com. This would look for a particular group membership in an Active Directory source, for instance.

4. Create a new service of type Aruba Application Authentication.

5. Create two service rules:

5a. Application - Name - EQUALS - Guest

5b. Authentication - Type - NOT_EQUALS - SSO

6. Under the Authentication tab, select the Authentication Source created in step 1.

7. Under the Enforcement tab, select the Enforcement Policy created in step 3.
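A way to check, before relying on the step 3 rule, whether the directory's `memberOf` values for a receptionist account would satisfy the CONTAINS condition. It works on LDIF text such as `ldapsearch` prints. This is an added example, not part of the original reply and not ClearPass code. It assumes CONTAINS is a case-sensitive substring test; `RULE_DN` is the placeholder DN from step 3 and the three entries are constructed sample data.

```python
import base64

RULE_DN = "CN=groupname,OU=orgunit,DC=company,DC=com"  # placeholder DN from step 3

def ldif_values(ldif, attr):
    """Return every value of attr in one LDIF entry, undoing RFC 2849 folding and base64."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # folded line: drop the one leading space
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    values = []
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if rest.startswith(":"):              # "attr:: <base64>" marks an encoded value
            values.append(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            values.append(rest.strip())
    return values

def check_rule(ldif, rule_dn=RULE_DN):
    """Return 'match', 'case-mismatch' or 'no-match' for the memberOf CONTAINS condition."""
    groups = ldif_values(ldif, "memberOf")
    if any(rule_dn in g for g in groups):     # assumption: CONTAINS = case-sensitive substring
        return "match"
    if any(rule_dn.lower() in g.lower() for g in groups):
        return "case-mismatch"                # same DN, different letter case
    return "no-match"

# Constructed sample entries (not real directory data).
FOLDED = (
    "dn: CN=Reception One,OU=Staff,DC=company,DC=com\n"
    "memberOf: CN=Domain Users,CN=Users,DC=company,DC=com\n"
    "memberOf: CN=groupname,OU=orgunit,DC=com\n"
    " pany,DC=com\n"
)
CASED = ("dn: CN=Reception Two,OU=Staff,DC=company,DC=com\n"
         "memberOf: cn=GroupName,ou=orgunit,dc=company,dc=com\n")
ENCODED = "dn: CN=Reception Three,OU=Staff,DC=company,DC=com\nmemberOf:: " + base64.b64encode(
    "CN=Empfang Köln,OU=orgunit,DC=company,DC=com".encode("utf-8")).decode("ascii") + "\n"

if __name__ == "__main__":
    for name, entry in (("folded", FOLDED), ("cased", CASED), ("encoded", ENCODED)):
        print(name, ldif_values(entry, "memberOf"), check_rule(entry))
```

A `case-mismatch` or `no-match` result means the request would fall through to the Default Profile chosen in step 3.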